A UK view on Cyber, Information & IT Security by Security Expert Dave Whitelegg. Providing advice and explaining security for everyone, and also contemplating advanced themes and future trends in security.
With a focus on all the latest developments & issues within the UK Information Security space such as Hacking, DDoS, Botnets, Malware, Identity Theft, Data Protection (DPA) and regulatory compliance like PCI DSS & ISO27001:2013, all will be explained in an easy to understand way.

Tuesday, 12 June 2012

Flame Culprit Fingered

Flame, also known as Flamer and Skywiper, is a highly sophisticated, espionage-focused piece of malware which targets and infects Microsoft Windows systems. Flame is known to spread over the network and by USB thumb drives, and it is centrally controlled by 'those' who created and released it onto the world; more on 'those' later. To say Flame is an extremely sophisticated piece of malware is no overstatement: it can covertly grab screenshots, log all keyboard entry (think usernames and passwords), record Skype voice calls and even monitor network traffic, with all of this information sent covertly back to 'those' who created it. Those controlling Flame infections can even send specialised control commands, including a "kill command", which makes the Flame malware stop running and delete itself, covering up any evidence of it ever being present on the PC.

Flame: Commendable Malware

Flame is not the product of cyber criminals; it is way too sophisticated, and you only have to look at which area of the world is mostly infected with Flame, which just happens to be Middle Eastern countries. Cyber criminals tend to target affluent, online first world countries like the USA and countries within Europe. You only need to look at the Zeus worm in comparison, which targets online banking. There is a clear difference between malware created by cyber criminals and state-sponsored malware: they have different targets and different goals following the infection of those targets.

Flame Infection Area

The Flame / Stuxnet Connection

I have to be a little careful how I word this, as I don't want a holiday in Guantanamo. According to this must-read New York Times article (http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?) and industry experts I have spoken with off the record, the United States' National Security Agency (NSA) and Israel's Unit 8200 are said to be responsible for creating and launching the Stuxnet worm against Iran's nuclear enrichment facilities. The US government is said to have dubbed its cyber warfare activity Operation Olympic Games. Given the great success of Stuxnet in impacting the Iranian Natanz nuclear plant, it was always going to be a matter of time before Stuxnet was followed up.

"What we have found is very strong evidence that Stuxnet/Duqu and Flame cyber-weapons are connected"

"The new findings that reveal how the teams shared source code of at least one module in the early stages of development prove that the groups co-operated at least once."

"There is a link proven - it's not just copycats."

"We think that these teams are different, two different teams working with each other, helping each other at different stages."

"The findings relate to the discovery of 'Resource 207', a module found in early versions of the Stuxnet malware. It bears a 'striking resemblance' to code used in Flame."

"The list includes the names of mutually exclusive objects, the algorithm used to decrypt strings, and the similar approaches to file naming"

So, joining up all the dots, it is an obvious conclusion that the United States and/or Israel are responsible for creating, deploying and controlling Flame, and are therefore using Flame to harvest private information en masse.

I am not clear about the United Nations treaties and rules in relation to cyber warfare and espionage engagements against other nation states. I don't think anyone is, which could be the problem. But I'll leave you with some food for thought: the US government said it would respond to any state-sponsored cyber attack made on it with military force.

1 comment:

Nice post which Flame is not the product of cyber criminals, it is way too sophisticated, and you only have to look at which area of the world is mostly infected with Flame, which just happens to be Middle Eastern countries. Cyber criminals tend to target online affluent first world countries like the USA and countries within Europe. Thanks a lot for posting this article.
